Redirection to the NAS of an external CoA request
Alan DeKok
aland at deployingradius.com
Mon Jul 19 21:30:30 CEST 2010
newtownz wrote:
> I'm trying to figure out how to send a CoA from freeRadius
> to the NAS. The set-up I have involves two servers and an
> Aruba controller.
i.e. proxying CoA packets through FreeRADIUS to the NAS.
While this should work, it's not a deeply tested scenario.
> In this test set-up the client authenticates locally on the
> freeRadius server. The server listen on port 3799 for a CoA request
> that is generated from another computer, the freeRadius accepts
> the request and sends a ACK to the generator but it does not
> send anything to the NAS,
Did you configure the server to proxy the CoA request? Look for
"proxy" in raddb/sites-available/coa in 2.1.9.
> I tried to supply in the request a
> NAS-IP-Address attribute and also tried with Packet-Dst-IP-Address
> with no success. Also tried different things in CoA and Originate-CoA
> with the same results.
Well.. the "coa" documents exactly what you need to do. Trying random
*undocumented* things won't make it work.
> The goal I'm trying to reach is to supply the user-name in the
> CoA request that will force the client to silently reconnect and
> in the meantime I will have changed the Access-List accessible to
> the client.
Use a Disconnect-Request packet to make the client disconnect.
> 1: Is it possible to send a CoA request to the freeRadius server
> and then have it relay the request to the Aruba controller?
Yes. This is called "proxying"
> 2: If it is possible what do I have to put in the configs file
> and where?
This is documented.
Alan DeKok.
More information about the Freeradius-Users
mailing list